GHSA-m23h-6mwm-39m8
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Blast Radius
github.com/kong/kubernetes-ingress-controller/v3🐹github.com/kong/kubernetes-ingress-controller/v3🐹github.com/kong/kubernetes-ingress-controller/v2🐹github.com/kong/kubernetes-ingress-controllerReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.
Description
Summary
A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode (where the GatewayClass lacks an unmanaged annotation), the Gateway TLS translator skips critical status checks. This bypass allows the translator to fetch Secrets from any namespace KIC watches, even when a ReferenceGrant explicitly denies access or is missing.
An actor with RBAC permissions to create or modify Gateways in a low-privileged namespace can reference a Secret in a high-privileged namespace, causing KIC to "leak" that Secret's sensitive private key material into the Kong dataplane configuration.
Am I affected?
You are affected if all of these hold:
- You are using Kong Ingress Controller with the Gateway API.
- Your
GatewayClassis operating in managed mode (default behavior, no unmanaged annotation). - KIC is configured to watch multiple namespaces (multi-tenant environment).
- Users have RBAC permissions to
createorupdategateways.gateway.networking.k8s.ioin their own namespaces.
You are not affected if any of this:
- You only use KIC for
Ingressresources (not Gateway API). - Your
GatewayClassuses thekonghq.com/gateway-unmanagedannotation. - KIC is restricted via RBAC or configuration to only watch a single namespace.
- You have strictly limited Gateway creation/modification permissions to trusted cluster administrators only.
Mitigation
- Add unmanaged gateway annotation: add the
konghq.com/gateway-unmanagedannotation to yourGatewayClass
Additional best practicies
- Restrict Gateway RBAC: Limit the ability to create or modify Gateway resources to high-trust administrative users until a patch is applied.
- Namespace Isolation: If possible, limit the namespaces KIC is permitted to watch using the
WATCH_NAMESPACEenvironment variable or specific RBAC RoleBindings.
Fix
The fix mandates ReferenceGrant validation for all cross-namespace certificate references. By requiring a Programmed: True listener status, the translator now strictly authorizes external Secret access while maintaining default access for same-namespace certificates, effectively closing the exfiltration vector.
Fixed in #7920, with backports to supported release branches in #7921 and #7922.
Upgrade to one of the following patched versions (or later):
- 3.4.14
- 3.5.7
CVSS
CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P = 5.6 Medium
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🐹Go | github.com/kong/kubernetes-ingress-controller/v3 | ≥ 3.5.0&&< 3.5.7 | 3.5.7 |
| 🐹Go | github.com/kong/kubernetes-ingress-controller/v3 | all versions | 3.4.14 |
| 🐹Go | github.com/kong/kubernetes-ingress-controller/v2 | all versions | No fix |
| 🐹Go | github.com/kong/kubernetes-ingress-controller | all versions | No fix |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kong/kubernetes-ingress-controller/v3. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update github.com/kong/kubernetes-ingress-controller/v3 to 3.5.7 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m23h-6mwm-39m8 is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-m23h-6mwm-39m8 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-m23h-6mwm-39m8. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-m23h-6mwm-39m8 in your dependencies?
O3 detects GHSA-m23h-6mwm-39m8 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.